Abstract: A self-contained printing system includes a weatherproof housing defining an interior for containing the self-contained printing system components. A printer located within the weatherproof housing prints documents responsive to a print command. The printer is powered by a battery located within the weatherproof housing. A charging system charges the battery located within the weatherproof housing responsive a charging signal. At least one solar panel located on an exterior of the weatherproof housing provides the charging signal. Wireless communications circuitry enables the receipt of the print commands from an external device located outside of the weatherproof housing via a wireless communications link and communications with at least one remote server via the wireless communications link. A system processor monitors wireless communications link and generates status messages responsive thereto. At least one display located on the exterior of the weatherproof housing displays the status messages.

Abstract: A system for payment routing according to a likelihood of settlement. The system includes processors and/or transceivers programmed to receive a payment transaction message relating to a putative payment transaction. The payment transaction message contains putative payment transaction data including a customer identification (ID) for an account and a transaction amount. The system generates a scaled score representing the likelihood of settlement of the putative payment transaction on at least one date for each of a plurality of potential payment rails. Based at least in part on the at least one scaled score for each of the plurality of potential payment rails, the system selects a payment rail from the plurality of payment rails. The system initiates, via the selected payment rail, a payment transaction corresponding to the putative payment transaction.

Abstract: Embodiments of the present invention relate to a device includes both a transferring and receiving interface. The device may include a direction indicator, for example an arrow, indicating a direction of data transfer. The device may also include a switch, such as a button, to initiate data transfer. The device may also include a counter, display, or light that indicates the amount data transferred and serves as a user interface. The device may also include a power source, such as a battery, to power the device during data transfer.

Abstract: A method includes detecting a security token device that is un-formatted with respect to an enterprise, wherein the security token device comprises a first cryptographic authentication key, and formatting, by a processor, the security token device by replacing the first cryptographic authentication key of the security token device with a second cryptographic authentication key that is specific to a security requirement of the enterprise.

Abstract: A method includes detecting a security token device that is un-formatted with respect to an enterprise, wherein the security token device comprises a first cryptographic authentication key, and formatting, by a processor, the security token device by replacing the first cryptographic authentication key of the security token device with a second cryptographic authentication key that is specific to a security requirement of the enterprise.

Abstract: An embodiment generally relates to a method of managing tokens. The method includes detecting a presence of a token at a client and determining a status of the token. The method also includes formatting the token at the client in response to the status of the token being unformatted.

Abstract: An embodiment generally relates to a method of preventing information theft. The method includes receiving access information including a password, comparing the access information to stored access information, and verifying a destination of the access information to determine if the destination is valid for the access information. The access information is transmitted based on the comparison to the stored access information and the verification of the destination.

Abstract: Embodiments of the present invention provide a method and system, including a client and security token, for reducing a size of a security-related object stored in the token. The object is stored in a storage structure that is indexed according to an identity reference to a certificate associated with the object and a private key identifier identifying a private key assigned to an owner of the token. A request to access an encrypted data object results in accessing the private key identifier in the storage structure using only the identity reference as an index.

Abstract: An embodiment generally relates to a method of increasing user convenience. The method includes displaying a log-in user interface and receiving an authentication attempt in the log-in user interface. The method also includes determining a status of the authentication attempt and delaying a completion of an authentication attempt by a time-based function in response to a status being a failed authentication attempt.

Abstract: Embodiments of the present invention provide identity management security domains that may be used in an enterprise security system. A security domain provides a centralized registry of services provided by the enterprise security system. For example, certificate authorities and other services, such as key archives, and the like, in the enterprise security system may register information about themselves in the security domain. Authorized users can then discover the location of these services. In some embodiments, the security domain may provide an interface that indicates a topology between services of the enterprise security system. The security domain may also serve as a distribution point for security policies. A security policy may comprise information that indicates, for example, a set of trusted certificate authorities, certificate templates, certificate revocation lists, and the locations of the services in the enterprise security system.

Abstract: Embodiments of the present disclosure provide a flexible way of accommodating typical user errors when attempting to gain access. One method prevents an error in an access protocol by determining if an access request contains an error that may be forgiveable, such as repeated entry of the same incorrect password or the use of all capital letters. If the access request contains an error, the access request will be classified as invalid. As such, the invalid access request will not count against the number of allowed access requests. Errors may include repeated passwords, obvious typographical error, etc. A message may also be provided or sent to the user that informs the user of their error.

Abstract: Systems and methods for providing a multiple source entropy feed for a PRNG that is used to generate server-side encryption keys are disclosed. A data recovery manager may collect additional entropy sources that feed into the PRNG between each key generation. The entropy may be collected from a variety of sources, for example, high-resolution timer intervals between input/output interrupts, hard disk access operations, and the like. The number of bits of entropy collected may be configured for each key generation.

Abstract: An embodiment relates generally to receiving a plurality of security certificates for each user of a plurality of users and generating a random renewal period for a selected security certificate. The method also includes associating the random renewal period to the selected security certificate and providing the selected security certificate with the random renewal period to the respective user of the plurality of users.

Abstract: A method and system for generating credentials for a token. A server detects a token, determines that the token is to be enrolled, and generates a subject key pair that includes a subject public key and subject private key. The server encrypts the subject private key with a key transport session key to obtain a wrapped private key and forwards the wrapped private key to the token.

Abstract: Embodiments of the present invention provide a profile framework for handling enrollment requests. In particular, when a token processing system receives an enrollment request, it selects an applicable profile based on information in the request. The profile may indicate a variety of parameters for fulfilling the enrollment request, such as the locations of the applicable certificate authority, token key service, and the like. The profile may also indicate items, such as the number of keys to generate on a token, a token label, and connection information to securely communicate with other components and the client making the enrollment request.

Abstract: An embodiment relates generally to a method of managing a token. The method includes marking a token to be killed and detecting a presence of the token. The method also includes disabling the token in response to the marking of the token.

Abstract: In a device, method and/or computer-readable medium for secure communication between a client device and a server, the client device includes a browser for accessing a website provided by the server, the client device generates a key according to a key generating cryptographic routine; tags the key with a marker associating the key with the website; and stores the tagged key in a memory associated with the browser.

Abstract: Embodiments of the present invention provide a compression capability for compressing a CRL, such as an X.509 CRL, stored as a file, data structure or data object in a computer system having a certification authority (CA) and a security client. An exemplary method provides for accessing the CRL contents including a certificate revocation record and performing compression procedure, such as a lossless compression procedure on the contents of the CRL. The compressed CRL contents can be stored in another file, data structure or data object. A request for the compressed CRL is from a security client whereupon the compressed CRL is returned to the security client by transferring the compressed CRL contents to the security client. The security can client un-compress the compressed CRL contents. In some cases the uncompressed CRL contents can be transferred to the security client.

Abstract: An embodiment pertains generally to a method of delivering keys in a server. The method includes generating a subject key pair, where the subject key pair includes a subject public key and a subject private key. The method also includes retrieving a storage key and encrypting the subject private key with the storage key as a wrapped storage private key. The method further includes storing the wrapped storage private key.

Abstract: Embodiments of the present invention provide a secure remote password reset capability. In some embodiments, an exemplary method provides a remote reset of a password associated with a token in a computer system having a security server. A token-based authentication process is activated by connecting the token to the security server. A server-based authentication process is initiated in the security server by activating a password reset process in a security client. The server-based authentication process communicates with the token-based authentication process over a secure channel. An authentication credential is managed by a third party agent that supplies a query and the authentication credential as a correct response to the query to the security server. A prompt provided by the password reset process collects the authentication credential and a new password. After the authentication credential is validated mutually authentication is performed between the security server and the token.